Switch to preset file for systemd units to disable.
This commit is contained in:
parent
ea47dfbd5d
commit
377e0b4cd4
3
Makefile
3
Makefile
@ -46,10 +46,11 @@ all:
|
||||
make -C qubes-rpc
|
||||
|
||||
install-systemd:
|
||||
install -d $(DESTDIR)$(SYSLIBDIR)/systemd/system $(DESTDIR)$(LIBDIR)/qubes/init $(DESTDIR)$(SYSLIBDIR)/modules-load.d
|
||||
install -d $(DESTDIR)$(SYSLIBDIR)/systemd/system{,-preset} $(DESTDIR)$(LIBDIR)/qubes/init $(DESTDIR)$(SYSLIBDIR)/modules-load.d
|
||||
install -m 0755 vm-systemd/*.sh $(DESTDIR)$(LIBDIR)/qubes/init/
|
||||
install -m 0644 vm-systemd/qubes-*.service $(DESTDIR)$(SYSLIBDIR)/systemd/system/
|
||||
install -m 0644 vm-systemd/qubes-*.timer $(DESTDIR)$(SYSLIBDIR)/systemd/system/
|
||||
install -m 0644 vm-systemd/75-qubes-vm.preset $(DESTDIR)$(SYSLIBDIR)/systemd/system-preset/
|
||||
install -m 0644 vm-systemd/ModemManager.service $(DESTDIR)$(LIBDIR)/qubes/init/
|
||||
install -m 0644 vm-systemd/NetworkManager.service $(DESTDIR)$(LIBDIR)/qubes/init/
|
||||
install -m 0644 vm-systemd/NetworkManager-wait-online.service $(DESTDIR)$(LIBDIR)/qubes/init/
|
||||
|
@ -547,6 +547,7 @@ The Qubes core startup configuration for SystemD init.
|
||||
/lib/systemd/system/qubes-update-check.timer
|
||||
/lib/systemd/system/qubes-updates-proxy.service
|
||||
/lib/systemd/system/qubes-qrexec-agent.service
|
||||
/lib/systemd/system-preset/75-qubes-vm.preset
|
||||
/lib/modules-load.d/qubes-core.conf
|
||||
/lib/modules-load.d/qubes-misc.conf
|
||||
%dir /usr/lib/qubes/init
|
||||
@ -583,21 +584,19 @@ done
|
||||
rm -f /etc/systemd/system/default.target
|
||||
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
||||
|
||||
DISABLE_SERVICES="alsa-store alsa-restore auditd avahi avahi-daemon backuppc cpuspeed"
|
||||
DISABLE_SERVICES="$DISABLE_SERVICES fedora-autorelabel fedora-autorelabel-mark ipmi hwclock-load hwclock-save"
|
||||
DISABLE_SERVICES="$DISABLE_SERVICES mdmonitor multipathd openct rpcbind mcelog fedora-storage-init fedora-storage-init-late"
|
||||
DISABLE_SERVICES="$DISABLE_SERVICES plymouth-start plymouth-read-write plymouth-quit plymouth-quit-wait"
|
||||
DISABLE_SERVICES="$DISABLE_SERVICES sshd tcsd sm-client sendmail mdmonitor-takeover"
|
||||
DISABLE_SERVICES="$DISABLE_SERVICES rngd smartd upower irqbalance colord"
|
||||
for srv in $DISABLE_SERVICES; do
|
||||
if [ -f /lib/systemd/system/$srv.service ]; then
|
||||
if fgrep -q '[Install]' /lib/systemd/system/$srv.service; then
|
||||
/bin/systemctl --no-reload disable $srv.service 2> /dev/null
|
||||
grep '^[[:space:]]*[^#;]' /lib/systemd/system-preset/75-qubes-vm.preset | while read action unit_name; do
|
||||
case "$action" in
|
||||
(disable)
|
||||
if [ -f /lib/systemd/system/$unit_name.service ]; then
|
||||
if fgrep -q '[Install]' /lib/systemd/system/$unit_name; then
|
||||
/bin/systemctl --no-reload preset $unit_name 2> /dev/null
|
||||
else
|
||||
# forcibly disable
|
||||
ln -sf /dev/null /etc/systemd/system/$srv.service
|
||||
ln -sf /dev/null /etc/systemd/system/$unit_name
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service
|
||||
|
51
vm-systemd/75-qubes-vm.preset
Normal file
51
vm-systemd/75-qubes-vm.preset
Normal file
@ -0,0 +1,51 @@
|
||||
# Units that should not run by default in Qubes VMs.
|
||||
#
|
||||
# This file is part of the qubes-core-vm-systemd package. To ensure that the
|
||||
# default configuration is applied to all units in the list regardless of
|
||||
# package installation order, including units added to the list by
|
||||
# qubes-core-vm-systemd upgrades, all units in the list are preset by a
|
||||
# scriptlet every time qubes-core-vm-systemd is installed or upgraded. That
|
||||
# means that to permanently enable a unit with an [Install] section, you must
|
||||
# create your own higher-priority preset file. (It might be possible to be
|
||||
# smarter and keep a list of units previously preset, but this is not
|
||||
# implemented.)
|
||||
#
|
||||
# For units below with no [Install] section, the scriptlet masks them instead.
|
||||
# Qubes currently does not provide a way to permanently prevent such units from
|
||||
# being masked.
|
||||
#
|
||||
# https://groups.google.com/d/topic/qubes-users/dpM_GHfmEOk/discussion
|
||||
|
||||
disable alsa-store.service
|
||||
disable alsa-restore.service
|
||||
disable auditd.service
|
||||
disable avahi.service
|
||||
disable avahi-daemon.service
|
||||
disable backuppc.service
|
||||
disable cpuspeed.service
|
||||
disable fedora-autorelabel.service
|
||||
disable fedora-autorelabel-mark.service
|
||||
disable ipmi.service
|
||||
disable hwclock-load.service
|
||||
disable hwclock-save.service
|
||||
disable mdmonitor.service
|
||||
disable multipathd.service
|
||||
disable openct.service
|
||||
disable rpcbind.service
|
||||
disable mcelog.service
|
||||
disable fedora-storage-init.service
|
||||
disable fedora-storage-init-late.service
|
||||
disable plymouth-start.service
|
||||
disable plymouth-read-write.service
|
||||
disable plymouth-quit.service
|
||||
disable plymouth-quit-wait.service
|
||||
disable sshd.service
|
||||
disable tcsd.service
|
||||
disable sm-client.service
|
||||
disable sendmail.service
|
||||
disable mdmonitor-takeover.service
|
||||
disable rngd.service
|
||||
disable smartd.service
|
||||
disable upower.service
|
||||
disable irqbalance.service
|
||||
disable colord.service
|
Loading…
Reference in New Issue
Block a user